[syslog-ng] ignore src{}; contents at startup? (Fixed - FWD)

Brian A. Seklecki lavalamp at spiritual-machines.org
Wed Oct 25 01:38:25 CEST 2006


This bug actually had a perfectly natural and 100% organic fix.

FreeBSD has changed the way syslog-ng starts from a direct drop-in 
replacement for syslogd(8) in /etc/rc.d/syslogd to a completely 
stand-alone service that gets called as /usr/local/etc/rc.d/syslog-ng out 
of /etc/rc.d/localpkg.

As a result, it starts much later in the rc(8) process; ... i.e, after 
/etc/rc.d/motd has already sucked the initial buffer out.

If I were originally reporting this bug back in 2005-10-12, before I 
started hacking on the NetBSD CF Project, I probably would have simply 
recommended adding "BEFORE: syslog" to /etc/rc.d/motd or "REQUIRE: motd" 
to /etc/rc.d/syslogd to manually bounce the order around myself.

By some vague technial definition, if FreeBSD incorporated ports/3rd party 
RC scripts into rcorder(8) like NetBSD original did/does, it would still 
be broken (1).  Oh well.

Also, I never did figure out a way to use dd(1) or cat(1) or any I/O 
manipulation utility to both:

*) drain the /dev/klog
*) close() at EOF and not go into BLOCKING mode =p

Oh well, one day when I have time to read all of Stevens`

Hats off to the FreeBSD people.

Cheers!
~BAS

On Wed, 12 Oct 2005, Jens Grigel wrote:

> On Wed, 2005-10-12 at 07:39, Brian A. Seklecki wrote:
>> All:
>>
>> On FreeBSD, /dev/klog provides for output from the kernel (normally
>> redirected to /dev/console before syslog starts).
>>
>> At startup, /etc/rc.d/dmesg copies the kernel boot hardware paramters to
>> /var/run/dmesg.boot.
>>
>> If I have my src(); set to:
>>
>> source src { unix-dgram("/var/run/log");
>>               unix-dgram("/var/run/logpriv" perm(0600));
>>               internal(); file("/dev/klog"); };
>>
>> ...at starup, syslog-ng drains the contents of /dev/klog.  By default it
>> tsends to them to user.notice.
>>
>> I like to log{} these to an SMS pager (so I know if a RAID is failing or
>> other hardware problem).  However, I'd like to avoid duplication of the
>> efforts of /etc/rc.d/dmesg on behalf of syslog-ng(8) ...especially since I
>> route user.notice to my pager, and kernel boot dmesg(8) can grow over 50
>> lines.
>>
>>
>> /dev/klog really isn't a socket.  It's a special char device.
>>
>>
>> Is there anyway to tell syslog-ng(8) to ignore it's contents at startup?
>> If it was tail(1), i'd say "tail -0 -f /file".
>>
>> Perhaps clear out the contents of /dev/klog somehow?
>>
>
> dmesg (on Linux, sorry, don't know if this is available on FreeBSD) has
> the command line switch "-c" for clearing the kernel ring buffer after
> printing. Maybe adding a line like:
> 	dmesg -c >/dev/null
> in the syslog-ng startup script just before starting the syslog-ng
> daemon if the behaviour of dmesg on FreeBSD is comparable to the one on
> Linux?
>
> -- 
>
> Jens Grigel
>
> Citysavingsbank Munich, Germany
> Dep. of Network and Security
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>

l8*
 	-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
 	       http://www.spiritual-machines.org/

"...from back in the heady days when "helpdesk" meant nothing, "diskquota"
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were."


$ rcorder /etc/rc.d/* /usr/local/etc/rc.d/* | grep -v rcorder
rcorder: requirement `beforenetlkm' in file `/etc/rc.d/ike' has no 
providers.
rcorder: requirement `beforenetlkm' in file `/etc/rc.d/pflog' has no 
providers.
rcorder: requirement `beforenetlkm' in file `/etc/rc.d/pf' has no 
providers.
/usr/local/etc/rc.d/upsd.sh
/etc/rc.d/preseedrandom
/etc/rc.d/initdiskless
/etc/rc.d/rcconf.sh
/etc/rc.d/initrandom
/etc/rc.d/dumpon
/etc/rc.d/vinum
/etc/rc.d/gbde_swap
/etc/rc.d/gbde
/etc/rc.d/ccd
/etc/rc.d/swap1
/etc/rc.d/early.sh
/etc/rc.d/fsck
/etc/rc.d/root
/etc/rc.d/mountcritlocal
/etc/rc.d/ipfilter
/etc/rc.d/var
/etc/rc.d/random
/etc/rc.d/adjkerntz
/etc/rc.d/atm1
/etc/rc.d/hostname
/etc/rc.d/ipnat
/etc/rc.d/ipfs
/etc/rc.d/kldxref
/etc/rc.d/sppp
/etc/rc.d/addswap
/etc/rc.d/sysctl
/etc/rc.d/serial
/etc/rc.d/pccard
/etc/rc.d/netif
/etc/rc.d/isdnd
/etc/rc.d/ppp-user
/etc/rc.d/ipfw
/etc/rc.d/dhclient
/etc/rc.d/nsswitch
/etc/rc.d/ip6addrctl
/etc/rc.d/atm2
/etc/rc.d/routing
/etc/rc.d/ip6fw
/etc/rc.d/network_ipv6
/etc/rc.d/mroute6d
/etc/rc.d/route6d
/etc/rc.d/mrouted
/etc/rc.d/routed
/etc/rc.d/NETWORKING
/etc/rc.d/devd
/etc/rc.d/mountcritremote
/etc/rc.d/lomac
/etc/rc.d/cleanvar
/usr/local/etc/rc.d/syslog-ng
/etc/rc.d/accounting
/etc/rc.d/ipmon
/etc/rc.d/syslogd
/etc/rc.d/savecore
/etc/rc.d/SERVERS
/etc/rc.d/named
/etc/rc.d/ntpdate
/etc/rc.d/rpcbind
/etc/rc.d/nfsclient
/etc/rc.d/nisdomain
/etc/rc.d/ypserv
/etc/rc.d/ypbind
/etc/rc.d/amd
/etc/rc.d/atm3
/etc/rc.d/tmp
/etc/rc.d/cleartmp
/etc/rc.d/dmesg
/etc/rc.d/ike
/etc/rc.d/ipsec
/etc/rc.d/ipxrouted
/etc/rc.d/kerberos
/etc/rc.d/kadmind
/etc/rc.d/keyserv
/etc/rc.d/kpasswdd
/etc/rc.d/ldconfig
/etc/rc.d/quota
/etc/rc.d/nfsserver
/etc/rc.d/mountd
/etc/rc.d/nfsd
/etc/rc.d/nfslocking
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/pppoed
/etc/rc.d/pwcheck
/etc/rc.d/virecover
/usr/local/etc/rc.d/ifstated.sh
/usr/local/etc/rc.d/stunnel.sh
/etc/rc.d/DAEMON
/usr/local/etc/rc.d/svnserve
/usr/local/etc/rc.d/snmptrapd
/usr/local/etc/rc.d/snmpd
/usr/local/etc/rc.d/smartd.sh
/etc/rc.d/apm
/etc/rc.d/apmd
/etc/rc.d/bootparams
/etc/rc.d/local
/etc/rc.d/lpd
/etc/rc.d/motd
/etc/rc.d/ntpd
/etc/rc.d/rarpd
/etc/rc.d/rtadvd
/etc/rc.d/rwho
/etc/rc.d/timed
/etc/rc.d/ugidfw
/etc/rc.d/usbd
/etc/rc.d/yppasswdd
/usr/local/etc/rc.d/bsdftpd_ssl.sh
/usr/local/etc/rc.d/openntpd.sh
/usr/local/etc/rc.d/cupsd
/etc/rc.d/resolv
/usr/local/etc/rc.d/samba
/etc/rc.d/LOGIN
/usr/local/etc/rc.d/samhain
/usr/local/etc/rc.d/sa-spamd.sh
/usr/local/etc/rc.d/mdnsresponder.sh
/usr/local/etc/rc.d/heartbeat.sh
/usr/local/etc/rc.d/healthd.sh
/usr/local/etc/rc.d/gcc33.sh
/usr/local/etc/rc.d/dbus
/usr/local/etc/rc.d/cups.sh
/usr/local/etc/rc.d/bacula-fd
/usr/local/etc/rc.d/avahi-daemon.sh
/usr/local/etc/rc.d/avahi-dnsconfd.sh
/usr/local/etc/rc.d/000.pth.sh
/etc/rc.d/ypxfrd
/etc/rc.d/ypupdated
/etc/rc.d/ypset
/etc/rc.d/watchdogd
/etc/rc.d/syscons
/etc/rc.d/sshd
/etc/rc.d/sendmail
/etc/rc.d/archdep
/etc/rc.d/abi
/etc/rc.d/cron
/etc/rc.d/devfs
/etc/rc.d/jail
/etc/rc.d/localpkg
/etc/rc.d/netoptions
/etc/rc.d/securelevel
/etc/rc.d/power_profile
/etc/rc.d/pcvt
/etc/rc.d/othermta
/etc/rc.d/natd
/etc/rc.d/msgs
/etc/rc.d/moused
/etc/rc.d/mixer
/etc/rc.d/inetd
/etc/rc.d/bgfsck


More information about the syslog-ng mailing list